One Article Review

Source: Proofpoint
Identifier: 8438311
Publication date: 2024-01-12 06:00:17 (viewed: 2024-01-12 16:09:00)
Title: Deterministic vs. Probabilistic Threat Detection: What's the Difference?
Text:

When you understand the difference between deterministic and probabilistic threat detection, you can better choose the right mix of processes and tools that will keep your data, systems and users most secure.

Here is a spoiler, though: as you compare probabilistic and deterministic methods, you will likely conclude that both approaches are needed to some degree. That means you're on the right track. When you employ both, you can use the strengths of each approach while mitigating their respective weaknesses. In other words, these methods are different but complementary.

To help you figure out when to use each method, we put together this overview. In each section, we start by defining terms, and then we delve into the pros and cons of using the approach to detect threats.

What is probabilistic threat detection?

Probabilistic threat detection involves the use of probability-based analytic methods to identify potential security threats or malicious activities within a system. This approach doesn't rely on fixed (deterministic) rules or signatures alone. Instead, it relies on the likelihood, or probability, that certain behaviors or patterns indicate the presence of a security threat.

Tools for probabilistic threat detection analyze various factors and assign weights to different indicators. That helps cybersecurity systems, and security teams, prioritize and respond to potential threats based on their perceived risk.

This approach to threat detection presents advantages as well as challenges. Here's a look at some of the pros and cons of using probabilistic and deterministic detections.

Pros

Let's start with the pros of probabilistic threat detection.

Adaptability to new threats. Probabilistic threat detection can help you identify new and evolving threats that may not have definitive signatures. Machine learning and behavioral analysis can adapt to changing attack tactics. Slight pivots in attacker tools and techniques won't necessarily fake out these detection techniques.

Reduced false negatives for unknown threats. Probabilistic methods may result in fewer false negatives for threats that have not been seen before. That's because these methods don't require a perfect match to a known signature to send an alert. Probabilistic methods are inherently non-binary.

Behavioral analysis. This is often part of probabilistic threat detection. It typically uses a baseline of normal system behavior. That, in turn, makes it easier to detect deviations that may indicate a security threat.

Continuous learning. Machine learning models for probabilistic threat detection can continuously learn, incorporate feedback from security analysts, and adapt to changes in the threat landscape. That means their accuracy is not static and can improve over time.

Cons

Now, here is a rundown of some cons.

False positives. Probabilistic methods will produce false positives. They rely on statistical models that might interpret unusual but benign behavior as a potential threat. That can lead to alerts on activities that aren't malicious. Taken to extremes, this can waste security analysts' time. But making the models less sensitive can lead to false negatives. That's why tuning is part of ongoing maintenance.

Complexity and resource intensiveness. Implementing and maintaining probabilistic threat detection systems can be complex and demand a lot of resources. That is especially true for systems that use machine learning, because they require a great deal of computing power and expertise to operate.

Cost issues. Probabilistic methods and tools deal with uncertainty, which is a key design principle. So they may not be as cost effective as deterministic approaches for detecting well-known threats.

Difficulty in interpreting results. It can be a challenge to understand the output of probabilistic models. You may have difficulty discerning why a particular activity is flagged as a potential threat, as the rationale is deep within the model. To interpret the results, you
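The contrast the article draws, a fixed signature match beside a weighted-indicator score built on a per-user baseline, is easier to see in code. The following is an added example written for this review, not Proofpoint code or any product's logic: the process names, the session history, the indicator weights and the three sample sessions are all constructed for the illustration. It shows why the two approaches are complementary (a known tool in an otherwise normal session is caught only by the signature; a slightly renamed tool with abnormal behaviour is caught only by the scorer) and how the tuning threshold trades false negatives for false positives.

```python
"""Deterministic signature check beside a probabilistic, weighted-indicator
scorer, both run over constructed endpoint session events (illustration only)."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    user: str
    process: str        # executable observed in the session
    hour: int           # local hour the session started (0-23)
    bytes_out: int      # bytes sent to external hosts
    failed_logins: int  # failed logons just before the session


# Deterministic detection: a fixed signature list, exact match or nothing.
# Constructed placeholder names, not real indicators of compromise.
KNOWN_BAD_PROCESSES = {"evil-dumper.exe", "cred-harvest.exe"}


def deterministic_detect(ev: Event) -> bool:
    """Binary verdict: the process name is on the signature list or it is not."""
    return ev.process.lower() in KNOWN_BAD_PROCESSES


# Probabilistic detection: a per-user baseline of normal behaviour, then
# weighted indicators summed into a risk score in [0, 1].
# Constructed history of benign sessions used to build each user's baseline.
HISTORY = {
    "alice": [Event("alice", "outlook.exe", h, b, 0)
              for h, b in [(9, 40_000), (10, 55_000), (14, 38_000), (16, 61_000)]],
    "bob":   [Event("bob", "excel.exe", h, b, 0)
              for h, b in [(8, 120_000), (11, 150_000), (13, 110_000), (17, 140_000)]],
}

# Indicator weights: assumed values chosen for the illustration.
WEIGHTS = {
    "off_hours": 0.25,        # outside the user's usual hours and business hours
    "volume_anomaly": 0.40,   # outbound volume far above the user's baseline
    "failed_logins": 0.20,    # several failed logons preceding the session
    "unusual_process": 0.15,  # a process this user has never run before
}


def baseline(user: str) -> dict:
    """Summarise the user's history: usual hours, processes, volume statistics."""
    hist = HISTORY[user]
    vols = [e.bytes_out for e in hist]
    return {
        "hours": {e.hour for e in hist},
        "processes": {e.process for e in hist},
        "mean_bytes": mean(vols),
        "std_bytes": pstdev(vols) or 1.0,  # guard against a zero spread
    }


def indicators(ev: Event) -> dict:
    """Evaluate each weighted indicator against the user's baseline."""
    b = baseline(ev.user)
    z = (ev.bytes_out - b["mean_bytes"]) / b["std_bytes"]  # standard-score deviation
    return {
        "off_hours": ev.hour not in b["hours"] and not (8 <= ev.hour <= 18),
        "volume_anomaly": z > 3.0,
        "failed_logins": ev.failed_logins >= 3,
        "unusual_process": ev.process not in b["processes"],
    }


def risk_score(ev: Event) -> float:
    """Sum the weights of the indicators that fired: 0.0 normal, 1.0 all fired."""
    fired = indicators(ev)
    return round(sum(w for name, w in WEIGHTS.items() if fired[name]), 2)


def probabilistic_detect(ev: Event, threshold: float = 0.5) -> bool:
    """Alert when the score reaches the tuning threshold; lowering the threshold
    trades missed threats (false negatives) for noise (false positives)."""
    return risk_score(ev) >= threshold


# Constructed sessions to score; each name says what the session is meant to show.
SAMPLE_EVENTS = {
    # Known tool in an otherwise ordinary session: signature fires, scorer stays quiet.
    "known_tool": Event("alice", "evil-dumper.exe", 10, 45_000, 0),
    # Slightly renamed tool with abnormal behaviour: evades the signature, scorer fires.
    "renamed_tool": Event("alice", "evil-dumper2.exe", 3, 400_000, 5),
    # Benign late-night work in a familiar app: quiet at 0.5, a false positive at 0.2.
    "late_work": Event("bob", "excel.exe", 22, 135_000, 0),
}


def evaluate(threshold: float = 0.5) -> dict:
    """Return {name: (deterministic_verdict, probabilistic_verdict, score)}."""
    return {name: (deterministic_detect(ev), probabilistic_detect(ev, threshold), risk_score(ev))
            for name, ev in SAMPLE_EVENTS.items()}


if __name__ == "__main__":
    for thr in (0.5, 0.2):
        print(f"threshold={thr}: {evaluate(thr)}")
```

Running it at the default threshold of 0.5 gives `known_tool` a deterministic hit but a score of only 0.15, `renamed_tool` a score of 1.0 with no signature hit, and `late_work` a score of 0.25 with no alert; dropping the threshold to 0.2 turns `late_work` into a false positive, which is the tuning trade-off the Cons section describes.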
Tags: Malware, Tool, Vulnerability, Threat


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.